TJ_in_IL
join:2006-06-10
Winthrop Harbor, IL
 ·ViaTalk
·Teliax VOIP
 ·Comcast
·Teleblend
| Returned E-Mail
Not sure if this is the place to post, but I'll try.
Lately I have been getting alot of "Returned-Undeliverable" e-mails to my catch-all e-mail account. When I look at the return path, it shows random names@mydomain.com.
I used to get one every now and again, but now it is like 20+ a day.
Any suggestions?
Thanks in advance.
BTW... I have learned alot here, and now have my own HoneyPot Project on my site, and my spam has dropped off greatly. Thanks for the advice.
TJ |
|
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
1 edit | There is not a whole lot that you can do, other than ride it out. A Spammer is forging your domain as the "from" on spam runs, and the bounces are coming to you. A check of the headers in the returned mail will confirm that the originating ip is not yours. It should not last for very long as spammers constantly rotate the from domains to avoid filtering. Having an SPF record for your domain, if you control it, will serve as additional confirmation of the forgery and assists some servers in filtering the spam.
Rejecting or otherwise rerouting the returns back out serves little purpose, and only adds to the noise level. A temporary filter to dev/null is the best option, and the problem will self correct shortly, unless of course you are being intentionally joe jobbed.
MGD |
|
TJ_in_IL
join:2006-06-10
Winthrop Harbor, IL | Thanks for the reply. I have set up a filter and will ride it out.
TJ |
|
Dennis
Premium,Mod
join:2001-01-26
Algonquin, IL | out of curiosity, did you set that up on the server or in your email client?
I've been getting joe jobbed for a month now, and keep meaning to get my admin to set it up... |
|
NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
 ·Pacific Bell - SBC
| said by Dennis  :I've been getting joe jobbed for a month now, and keep meaning to get my admin to set it up... If you aren't specifically targeted to harm your reputation, you aren't being "Joe Jobbed". A Joe Job is a specific kind of attack, aimed at ruining the reputation of an online business. Anything else is just common forgery of the email address.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
Dennis
Premium,Mod
join:2001-01-26
Algonquin, IL | ok, well then my domain is being spoofed with lot's of fake addy's. I guess I just take that as tarnishing of my reputation by default  |
|
TJ_in_IL
join:2006-06-10
Winthrop Harbor, IL
·ViaTalk
·Teliax VOIP
·Comcast
·Teleblend
| reply to Dennis
said by Dennis :out of curiosity, did you set that up on the server or in your email client? I've been getting joe jobbed for a month now, and keep meaning to get my admin to set it up... I set that in my email server.
I did notice that they have started to slow down. I have them dumped in a seperate folder, so I can track the numbers.
TJ |
|
NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
·Pacific Bell - SBC
| reply to Dennis
Summer of '03 my Yahoo! Mail account email address was forged in a spam run. I received over 300 Delivery Failure Notices that I know of; before I set filters to trap them. Just in the first couple of days. Tapered off after 30 days passed.
The effect of any forgery is deleterious to the victim. But the "Joe Job" is a special kind of retaliatory attack. I can't prove that the forgery of my Yahoo! Mail account email address was any kind of targeted retaliation; so I don't consider that it was a "Joe Job".
Some information on the classic "Joe Job" here:
»www.joes.com/spammed.html
Joe Doll was the original victim of a "Joe Job". His "crime" was to terminate a hosted spammer for spamming. The spammer elected to retaliate for being terminated.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
Dennis
Premium,Mod
join:2001-01-26
Algonquin, IL | damn semantics...
since the spam is all against my "domain" one could argue that the intent was indeed to tarnish my reputation. Maybe if I didn't pay money to host my site I wouldn't feel that way. |
|
NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
·Pacific Bell - SBC
| Most times spammers forge email addresses to beat gateway mail servers which validate "MAIL FROM" email addresses. A waste of a 10,000 item mailshot if the gateway mail server rejects all spam because "MAIL FROM: <james.grubelfarber@example.com>" failed a validation check.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
